Generate an SSH key pair

To generate your SSH key pair for use on seawulf, execute the following command on your desktop or whatever machine you want to use to connect to seawulf:

ssh-keygen -q -b 2048 -t rsa -f ~/.ssh/seawulf

This will create a 2048-bit RSA key pair. You will be asked for a password (also called passphrase). This will create one public (named 'seawulf.pub') and one private (named 'seawulf'). The key will be created in your '.ssh' directory. See ssh-keygen for details.

Email public key to seawulf admins

Note that .ssh is a hidden folder and you might not see it in your file browser.
To copy the public to your desktop for emailing, use the command:

cp ~/.ssh/seawulf.pub ~/Desktop

Email your PUBLIC key (seawulf.pub) and username to seawulf_admin@lists.sunysb.edu

For the subject use: AMS-536 seawulf account. In the body of the email please write username = user_name (which is your preferred login name); it can be the same username as the one you use in the mathlab.
Send the file seawulf.pub as an attachment in your email. The seawulf admins will read the email and install the key. Once the key has been installed, you will be able to log into seawulf.

Your private key, named 'seawulf', should NEVER be shared or transmitted over an insecure channel (e.g.: email.)

Logging in to Seawulf with your key

It will take some time for the seawulf admins to read your email and install the key. You will be able to log in only once your key has been installed.
First make sure you are logged on to compute.mathlab.sunysb.edu

ssh compute.mathlab.sunysb.edu

If you have not logged into compute before, this is what you will see:
Answer 'yes' to the question asked.

The authenticity of host 'comopute.mathlab.sunysb.edu (129.49.17.38)' can't be established.
RSA key fingerprint is xx:xx:xx:56:9a:5e:ca:d2:28:5e:5e:71:12:bd:00:ba.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'compute.mathlab.sunysb.edu,129.49.17.38' (RSA) to the list of known hosts.

Log in to seawulf using the following command:

ssh -i ~/.ssh/seawulf username@seawulf.stonybrook.edu

After the '-i' option you should provide the path to your private key file. Use the password you chose for your RSA key pair. Change username with your seawulf username. You can omit the username, and just use seawulf.stonybrook.edu if you have the same username from on both mathlab and seawulf.

Protecting your private key

This needs to be done on compute.mathlab.sunysb.edu. Log out of seawulf if you are logged in. If your key is saved on a shared nfs that others can read, change the access permission to prevent others from reading your private key. Set the permissions on your private key file to 600. This means only you and no one else can read the private key file.

Replace username with your own username. You have now made an alias 'sw' to seawulf.

You can also log in to seawulf with just

ssh sw

Note, the permissions for the "config" file need to be -rw-r--r-- otherwise none of the ssh programs will work. Use the following command.

chmod 644 ~/.ssh/config

Copying files to and from seawulf

You can now copy files from compute to seawulf as

scp file.mol2 sw:/path/in/seawulf

You can also copy files from Seawulf using

scp sw:/path/in/seawulf/file.txt /path/in/mathlab

If you just copy the file to sw: it will be saved in the home directory on seawulf.

Changing your passphrase

If you need to change the passphrase for your private key, use the following command:

ssh-keygen -p -f ~/.ssh/seawulf

Where '-i' is again followed by the path to your private key file. This will only change the passphrase on your private key. Now you can log in using this new password. This will not change your public key and you do not have to email it to the seawulf admins again.

Using ssh-agent (Optional)

If you are tired of typing in your passphrase every time you log in, ssh-agent can help.
ssh-agent allows your credentials to be used anywhere on the network.

You will be prompted once for your passphrase. After this prompt you will not need to retype your passphrase for this key until the ssh-agent process dies. Now you can log in to seawulf through multiple machines without having your private key anywhere but on your workstation.

[forwarding your credentials from your workstation to somewhere]

ssh -A -i ~/.ssh/seawulf username@somewhere.sunysb.edu

[ssh'ing from somewhere to elsewhere, forwarding your credentials]

ssh -A username@elsewhere.sunysb.edu

[finally, ssh'ing from elsewhere to seawulf]

ssh username@seawulf.stonybrook.edu

If you don't want to ssh out from seawulf using the same credentials as you use to log in, you can omit '-A' as shown in the example.